Losses due to cyber security incidents could be very significant for organizations. This fact forces managers to consider cyber security risks at the highest management level. Cyber risks are usually either mitigated by technical means (countermeasures) or transferred to another party (ie, insured). These options require significant investments and organizational actions. In this paper, we proposed an approach for self-protection and cyber insurance. The key difference of our paper with respect to others in the field is that we need to identify the required security controls. Our approach exploits a discrete model of investment in self-protection, which is more challenging for analysis. Also, our model considers several threats and allows threats to occur more than once.
Optimal security configuration for cyber insurance
G Uuganbayar;A Yautsiukhin;F Martinelli
2018
Abstract
Losses due to cyber security incidents could be very significant for organizations. This fact forces managers to consider cyber security risks at the highest management level. Cyber risks are usually either mitigated by technical means (countermeasures) or transferred to another party (ie, insured). These options require significant investments and organizational actions. In this paper, we proposed an approach for self-protection and cyber insurance. The key difference of our paper with respect to others in the field is that we need to identify the required security controls. Our approach exploits a discrete model of investment in self-protection, which is more challenging for analysis. Also, our model considers several threats and allows threats to occur more than once.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.